KRACK vulnerability

What is the Sophos position on the KRACK vulnerability in WPA2? Are we safe? When will we see a patch if we're not? Many vendors have already released statements with models affected, patches and work-arounds. Cisco, Aruba, Ubiquiti, Microsoft, etc.



This thread was automatically locked due to age.
  • On their Twitter I just see the post acknowledging the vulnerability and to wait for a patch, did I miss the tweet?

    Latest patch available on the FTP is 9.504 which does not include the KRACK fix. Sophos was informed of the vulnerability in late August so I am not sure why we don't have a patch yet. 

  • No, what's sad is that MANY MANY VENDORS KNEW ABOUT THIS SINCE AUGUST 25TH AND SOPHOS SINCE EARLY SEPTEMBER but they waited until the VULN went PUBLIC to do anything about it.

    This should have been fixed weeks ago and not when it goes public a month+ and for some nearly 2 months after they were notified.   

     

    Goes to show that all of this security theater is reactionary in nature and it takes a public shaming to expose the action to fix....THAT IS REALLY SAD!

  • Hi brunomc, can you point me to the Twitter message about the released patch and the patch link itself, please?

    That way I can forward the information to Support because they just replied to me that there is no fix right now.

     

    From https://www.kb.cert.org/vuls/id/CHEU-AQXJL5 you can see Sophos was notified about this bug on the 6th of September, I hoped after 1 month there would have been a patch already.

     

  • I did edit my post yesterday mentioning: "edit: apparently no patch for this issue. Sad as now it would have been the right time." :)